This is an archive of the discontinued LLVM Phabricator instance.

Differential D82288

[analyzer][StdLibraryFunctionsChecker] Add POSIX file handling functions
ClosedPublic

Authored by martong on Jun 22 2020, 2:40 AM.

Details

Reviewers
Szelethus
balazske
NoQ
xazax.hun
vsavchenko
gamesh411
Commits
rGdb4d5f7048a2: [analyzer][StdLibraryFunctionsChecker] Add POSIX file handling functions
Summary

Adding file handling functions from the POSIX standard (2017).
A new checker option is introduced to enable them.

In follow-up patches I am going to upstream networking, pthread, and other
groups of POSIX functions.

Diff Detail

Event Timeline

martong created this revision.Jun 22 2020, 2:40 AM
Herald added a project: Restricted Project. ยท View Herald TranscriptJun 22 2020, 2:40 AM
Herald added subscribers: cfe-commits, ASDenysPetrov, steakhal and 10 others. ยท View Herald Transcript
Harbormaster completed remote builds in B61194: Diff 272357.Jun 22 2020, 4:16 AM
martong mentioned this in D79432: [analyzer] StdLibraryFunctionsChecker: Add summaries for libc.Jun 23 2020, 7:30 AM
gamesh411 added a comment.Jun 24 2020, 2:29 AM

Good job, I really fancy the Summary syntax ๐Ÿ‘

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
740

I presume that typically there are only a handful of Decls in LookupRes, so it not worth the complexity of using std::algorithms to sort/partition/find.

1591

If Off_tMax is only used in the if block that follows, consider moving it's declaration inside.

Szelethus added a comment.Jun 24 2020, 4:48 AM

I see a lot of NoEvalCall, but I wonder whether modifying errno warrants this. Shouldn't we have a alongside NoEvalCall and EvalCallAsPure an EvalCallAsPureButInvalidateErrno invalidation kind?

Also, I'm kind of worried by this checker taking on the responsibility of modeling functions by EvalCall, except for a few functions that it also models, but not with EvalCall, it feels clunky. I remember this one time when I [[ https://reviews.llvm.org/D68165?id=222257#inline-612891 | wanted to model alloca()]], which has a __builtin_alloca variant as well, and I spent a good couple hours figuring out that why the descpription {CDF_MaybeBuiltin, "alloca", 1} was causing crashes. Turns out that BuiltinFunctionsChecker EvalCalled the builtin version, but not the other.

In general, I don't think we have a well established stance on whether we use EvalCall, or PreCall+PostCall, and what roles do batch modeling checkers like StdLibraryFunctionsChecker, GenericTaintChecker and BuiltinFunctionsChecker should play alongside mode sophisticated modeling checkers like CStringModeling, DynamicMemoryModeling and StreamChecker. I bet some of us have ideas how this is supposed to be done, but I feel like there is no unified, agreed upon road we're moving towards. This problem came up in D69662 as well. D75612 introduces EvalCalls to StreamChecker, and I was puzzled why this hasn't been a thing in all similar chekers like MallocChecker, which I commented on in D81315#2079457.

It would also be great if we could enforce that no two checkers evaluate the same function.

None of what I said is a problem introduced by this specific patch, but it definitely amplifies it with the modeling of functions such as strncasecmp (should be the responsibility of CStringModeling), strdup (MallocChecker) and popen (StreamChecker). I'd like to see something set in stone, such as what you're eluding to in D75612#inline-690087, that the role of this checker is to model numerical (null-ness, ranges, etc) pre- and post conditions for standard functions, nothing less, nothing more, and it is technically an error to reimplement this in other checkers. If that is the goal, I guess we have to implement tests for individual functions added in this patch to make sure that these conditions aren't already checked elsewhere.

I didn't read this patch line-by-line, but I trust that its okay if Endre did so.

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
352โ€“364

D78118#inline-723679 Please mark this Hidden.

358โ€“363

I'm fine with not hiding this, but as a user, why would I never not enable it? If the reasoning is that this isn't ready quite yet, change Released to InAlpha. Otherwise, either mark this Hidden or give a user friendly explanation as to what is there to gain/lose by tinkering with this option.

martong marked 8 inline comments as done.Jun 24 2020, 7:12 AM
martong added inline comments.
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
352โ€“364

Ok, it missed my attention about that back then.

358โ€“363

Yes, thanks, I wanted to make it similar to alpha checkers, now I know it is InAlpha that I need.

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp
740

There may be many Decls in the lookup result, but I don't know based on which property would it make sense to sort them. They are essentially stored in the order of creation, so as the parser reads an upcoming Decl.

1591

Yeah, good catch, thanks.

martong updated this revision to Diff 273018.Jun 24 2020, 7:12 AM
martong marked 4 inline comments as done.
  • Add 'Hide' and 'InAlpha', move Off_tMax inside the brace
gamesh411 accepted this revision.Jun 24 2020, 7:51 AM
In D82288#2111206, @Szelethus wrote:

I see a lot of NoEvalCall, but I wonder whether modifying errno warrants this. Shouldn't we have a alongside NoEvalCall and EvalCallAsPure an EvalCallAsPureButInvalidateErrno invalidation kind?

Also, I'm kind of worried by this checker taking on the responsibility of modeling functions by EvalCall, except for a few functions that it also models, but not with EvalCall, it feels clunky. I remember this one time when I [[ https://reviews.llvm.org/D68165?id=222257#inline-612891 | wanted to model alloca()]], which has a __builtin_alloca variant as well, and I spent a good couple hours figuring out that why the descpription {CDF_MaybeBuiltin, "alloca", 1} was causing crashes. Turns out that BuiltinFunctionsChecker EvalCalled the builtin version, but not the other.

In general, I don't think we have a well established stance on whether we use EvalCall, or PreCall+PostCall, and what roles do batch modeling checkers like StdLibraryFunctionsChecker, GenericTaintChecker and BuiltinFunctionsChecker should play alongside mode sophisticated modeling checkers like CStringModeling, DynamicMemoryModeling and StreamChecker. I bet some of us have ideas how this is supposed to be done, but I feel like there is no unified, agreed upon road we're moving towards. This problem came up in D69662 as well. D75612 introduces EvalCalls to StreamChecker, and I was puzzled why this hasn't been a thing in all similar chekers like MallocChecker, which I commented on in D81315#2079457.

It would also be great if we could enforce that no two checkers evaluate the same function.

None of what I said is a problem introduced by this specific patch, but it definitely amplifies it with the modeling of functions such as strncasecmp (should be the responsibility of CStringModeling), strdup (MallocChecker) and popen (StreamChecker). I'd like to see something set in stone, such as what you're eluding to in D75612#inline-690087, that the role of this checker is to model numerical (null-ness, ranges, etc) pre- and post conditions for standard functions, nothing less, nothing more, and it is technically an error to reimplement this in other checkers. If that is the goal, I guess we have to implement tests for individual functions added in this patch to make sure that these conditions aren't already checked elsewhere.

I didn't read this patch line-by-line, but I trust that its okay if Endre did so.

I find this piece of information extremely valuable.
This description about the state we are in right now should prove very educational to whoever embarking on getting the evalCall business done.

I tried to match every signature to the corresponding constraints, and as I found no glaring errors, I will accept this.

This revision is now accepted and ready to land.Jun 24 2020, 7:51 AM
Harbormaster completed remote builds in B61542: Diff 273018.Jun 24 2020, 8:36 AM
martong added a comment.Jun 24 2020, 8:49 AM

Thanks for the review guys!
I understand there are concerns about evalCall, so I am trying to dissolve those concerns below. :)

In D82288#2111206, @Szelethus wrote:

I see a lot of NoEvalCall, but I wonder whether modifying errno warrants this.

Maybe there is a misunderstanding here. Using NoEvalCall results that the function may be evaluated conservatively or evaluated by any other checker:

case NoEvalCall:
  // Summary tells us to avoid performing eval::Call. The function is possibly
  // evaluated by another checker, or evaluated conservatively.
  return false;

In my understanding, it means that errno could be invalidated by any other checker. Consequently, these changes made here are not affecting any existing modeling of errno. (We use NoEvalCall in all functions in this patch.)

Shouldn't we have a alongside NoEvalCall and EvalCallAsPure an EvalCallAsPureButInvalidateErrno invalidation kind?

I'd rather not confuse the terms here. If a function is pure that means it does not have any side effects, i.e. it must not modify the global errno either. On the other hand, I see your point, and this is a good point. But maybe a different naming would be needed: what about EvalCallHereAndInvalidateErrno?
Since all of the functions here are not pure - they have NoEvalCall set -, probably we should have just simply InvalidateErrno rather, what do you think? I agree, that this checker is a good place to invalidate errno where applicable, but If you don't mind I'd rather do that in a subsequent patch to keep the incremental approach.

It would also be great if we could enforce that no two checkers evaluate the same function.

Yes, that would be great, but I don't see any clear solution to achieve that right now, this is really challenging. One very immature idea: Maybe we could have a special option in the engine that is used only in testing and which would let the evaluation to go further even if a checker returned true in evalCall. And if we find a second event like that then we could assert.

None of what I said is a problem introduced by this specific patch

Well, perhaps we should have had this conversation in a form of an RFC in cfe-dev instead. Next time maybe. Now, I am afraid that the review of the concrete changes in this patch are being neglected because the focus may be shifted here on the evalCall returns true problem (which does not happen in this patch).

... the modeling of functions such as strncasecmp (should be the responsibility of CStringModeling), strdup (MallocChecker) and popen (StreamChecker). I'd like to see something set in stone, such as what you're eluding to in D75612#inline-690087, that the role of this checker is to model numerical (null-ness, ranges, etc) pre- and post conditions for standard functions, nothing less, nothing more, and it is technically an error to reimplement this in other checkers. If that is the goal, I guess we have to implement tests for individual functions added in this patch to make sure that these conditions aren't already checked elsewhere.

Yes, there are many standard functions that are modeled in different checkers. Ideally all functions would be modeled in just one checker, I agree.

One goals is to add argument constraints to functions in the C, C++ and POSIX standard. Some of these argument constraints are indeed handled in e.g. CStringModeling. However, it is very easy to gather these argument constraints and apply them massively. By doing this, the analysis can be more precise, so, I see a lot of gain here. Sooner or later popen would be modeled in StreamChecker and then we may remove the summary from here. But if we leave it here that would not be a problem either. I consider this checker as a generic checker and StreamChecker or CStringModeling as a specialized checker. The specialized checkers should be a weak dependency to this generic checker, so any bug related to e.g. popen is prioritized to StreamChecker. That's exactly what we did in D79420.

The other very important goal would be to make it possible to add argument constraints (or branches/cases) to any library functions. These libraries may never be modeled in the analyzer. In this case the problem is non-existent. Perhaps we should divide the checker to two different checkers once we reach that point.

I didn't read this patch line-by-line, but I trust that its okay if Endre did so.

Well, okay :) But, at least one body should go through each line, otherwise how can we make sure that I don't inject some blunder in any of those lines? I don't expect you to check the specification of each function in the POSIX standard, just to have at least a quick look whether the argument constraints match the signature of the functions.

martong added a comment.Jun 24 2020, 8:57 AM

We use NoEvalCall in all functions in this patch

I just now realized that it is actually not true, sorry about that. So, seems like fnmatch, strcasecmp, strncasecmp are EvalCallAsPure. I could skip them from this patch, if you guys consider this as dangerous and to bolster my previous comment.

Szelethus added a comment.EditedJun 24 2020, 9:43 AM

I went through this a lot more thoroughly, as well as the previous patch, and this looks great, especially for an alpha option. I will admit, I'm a bit concerned by the lack of individual tests (what if a stupid interaction with another checker causes issues?), but I feel the need for a scale-able solution and your debug functions serve to help on this. If you don't mind, before I formally accept, it would be great to talk this over in a meeting and/or on cfe-dev, just so that I'm a bit more in the clear on what the direction is.

In D82288#2111759, @martong wrote:

None of what I said is a problem introduced by this specific patch

Well, perhaps we should have had this conversation in a form of an RFC in cfe-dev instead. Next time maybe. Now, I am afraid that the review of the concrete changes in this patch are being neglected because the focus may be shifted here on the evalCall returns true problem (which does not happen in this patch).

Sure, good point, its just that this is the patch in my eye that really grows the impact of this checker (and transitively, the scope of the evalCall problem) above a threshold, which is why my concern was voiced here. But you're totally right, important discussions on design that is outside the scope of a single checker should have more visibility.

But maybe a different naming would be needed: what about EvalCallHereAndInvalidateErrno?
Since all of the functions here are not pure - they have NoEvalCall set -, probably we should have just simply InvalidateErrno rather, what do you think? I agree, that this checker is a good place to invalidate errno where applicable, but If you don't mind I'd rather do that in a subsequent patch to keep the incremental approach.

Either is good, and it would be better in a followup patch indeed.

Yes, there are many standard functions that are modeled in different checkers. Ideally all functions would be modeled in just one checker, I agree.

Thats not the point I wanted to get across -- its fine if multiple checkers model different aspects of the same function, but it should be done consistently, which at the moment isn't. It would be nice to have an agreement (even if that later changes) on where we see function modeling when this checker is a bit more mature. That also deserves its own discussion on cfe-dev.

[...] Sooner or later popen would be modeled in StreamChecker and then we may remove the summary from here. But if we leave it here that would not be a problem either. I consider this checker as a generic checker and StreamChecker or CStringModeling as a specialized checker. The specialized checkers should be a weak dependency to this generic checker, so any bug related to e.g. popen is prioritized to StreamChecker. That's exactly what we did in D79420.

Or, numerical constraints would be checked here, the mentioned checkers would strongly depend on this one. That way, ranges and nullability would be focused here, and more specific functionalities in their respective checkers.

I didn't read this patch line-by-line, but I trust that its okay if Endre did so.

Well, okay :) But, at least one body should go through each line, otherwise how can we make sure that I don't inject some blunder in any of those lines? I don't expect you to check the specification of each function in the POSIX standard, just to have at least a quick look whether the argument constraints match the signature of the functions.

Sure! I would not accept if I didn't have confirmation that someone (possibly me) did do that! :) Just wanted to get the high level stuff out of the way.

martong added a comment.Jul 1 2020, 2:50 AM

Ping

Szelethus accepted this revision.Jul 1 2020, 6:32 AM

The changes proposed in mailing list thread (http://lists.llvm.org/pipermail/cfe-dev/2020-June/066017.html) seem ortogonal to this change. Sorry for the slack today, I just peeked around in MallocChecker to look for conflicts, but it seems like there isn't any :) LGTM!

Closed by commit rGdb4d5f7048a2: [analyzer][StdLibraryFunctionsChecker] Add POSIX file handling functions (authored by martong). ยท Explain WhyJul 2 2020, 5:53 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
clang/
include/
clang/
StaticAnalyzer/
Checkers/
9 lines
lib/
StaticAnalyzer/
Checkers/
605 lines
test/
Analysis/
1 line
178 lines

Diff 275079

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td

Show First 20 Lines โ€ข Show All 343 Lines โ€ข โ–ผ Show 20 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
let ParentPackage = APIModeling in { let ParentPackage = APIModeling in {
def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">, def StdCLibraryFunctionsChecker : Checker<"StdCLibraryFunctions">,
HelpText<"Improve modeling of the C standard library functions">, HelpText<"Improve modeling of the C standard library functions">,
Dependencies<[CallAndMessageModeling]>, Dependencies<[CallAndMessageModeling]>,
CheckerOptions<[ CheckerOptions<[
CmdLineOption<Boolean, CmdLineOption<Boolean,
"DisplayLoadedSummaries", "DisplayLoadedSummaries",
"If set to true, the checker displays the found summaries " "If set to true, the checker displays the found summaries "
"for the given translation unit.", "for the given translation unit.",
"false", "false",
Released> Released,
Hide>,
CmdLineOption<Boolean,
"ModelPOSIX",
"If set to true, the checker models functions from the "
"POSIX standard.",
"false",
SzelethusUnsubmitted
Done
ReplyInline Actions

I'm fine with not hiding this, but as a user, why would I never not enable it? If the reasoning is that this isn't ready quite yet, change Released to InAlpha. Otherwise, either mark this Hidden or give a user friendly explanation as to what is there to gain/lose by tinkering with this option.

Szelethus: I'm fine with not hiding this, but as a user, why would I never not enable it? If the reasoningโ€ฆ
martongAuthorUnsubmitted
Done
ReplyInline Actions

Yes, thanks, I wanted to make it similar to alpha checkers, now I know it is InAlpha that I need.

martong: Yes, thanks, I wanted to make it similar to alpha checkers, now I know it is `InAlpha` that Iโ€ฆ
InAlpha>
SzelethusUnsubmitted
Done
ReplyInline Actions

D78118#inline-723679 Please mark this Hidden.

Szelethus: D78118#inline-723679 Please mark this `Hidden`.
martongAuthorUnsubmitted
Done
ReplyInline Actions

Ok, it missed my attention about that back then.

martong: Ok, it missed my attention about that back then.
]>, ]>,
Documentation<NotDocumented>; Documentation<NotDocumented>;
def TrustNonnullChecker : Checker<"TrustNonnull">, def TrustNonnullChecker : Checker<"TrustNonnull">,
HelpText<"Trust that returns from framework methods annotated with _Nonnull " HelpText<"Trust that returns from framework methods annotated with _Nonnull "
"are not null">, "are not null">,
Documentation<NotDocumented>; Documentation<NotDocumented>;
โ–ฒ Show 20 Lines โ€ข Show All 1,281 Lines โ€ข Show Last 20 Lines

clang/lib/StaticAnalyzer/Checkers/StdLibraryFunctionsChecker.cpp

Show First 20 Lines โ€ข Show All 455 Lines โ€ข โ–ผ Show 20 Lines enum CheckKind {
CK_StdCLibraryFunctionArgsChecker, CK_StdCLibraryFunctionArgsChecker,
CK_StdCLibraryFunctionsTesterChecker, CK_StdCLibraryFunctionsTesterChecker,
CK_NumCheckKinds CK_NumCheckKinds
}; };
DefaultBool ChecksEnabled[CK_NumCheckKinds]; DefaultBool ChecksEnabled[CK_NumCheckKinds];
CheckerNameRef CheckNames[CK_NumCheckKinds]; CheckerNameRef CheckNames[CK_NumCheckKinds];
bool DisplayLoadedSummaries = false; bool DisplayLoadedSummaries = false;
bool ModelPOSIX = false;
private: private:
Optional<Summary> findFunctionSummary(const FunctionDecl *FD, Optional<Summary> findFunctionSummary(const FunctionDecl *FD,
CheckerContext &C) const; CheckerContext &C) const;
Optional<Summary> findFunctionSummary(const CallEvent &Call, Optional<Summary> findFunctionSummary(const CallEvent &Call,
CheckerContext &C) const; CheckerContext &C) const;
void initFunctionSummaries(CheckerContext &C) const; void initFunctionSummaries(CheckerContext &C) const;
โ–ฒ Show 20 Lines โ€ข Show All 259 Lines โ€ข โ–ผ Show 20 Linesllvm::Optional<QualType> lookupType(StringRef Name, const ASTContext &ACtx) {
if (LookupRes.size() == 0) if (LookupRes.size() == 0)
return None; return None;
// Prioritze typedef declarations. // Prioritze typedef declarations.
// This is needed in case of C struct typedefs. E.g.: // This is needed in case of C struct typedefs. E.g.:
// typedef struct FILE FILE; // typedef struct FILE FILE;
// In this case, we have a RecordDecl 'struct FILE' with the name 'FILE' and // In this case, we have a RecordDecl 'struct FILE' with the name 'FILE' and
// we have a TypedefDecl with the name 'FILE'. // we have a TypedefDecl with the name 'FILE'.
for (Decl *D : LookupRes) { for (Decl *D : LookupRes)
gamesh411Unsubmitted
Done
ReplyInline Actions

I presume that typically there are only a handful of Decls in LookupRes, so it not worth the complexity of using std::algorithms to sort/partition/find.

gamesh411: I presume that typically there are only a handful of `Decl`s in LookupRes, so it not worth theโ€ฆ
martongAuthorUnsubmitted
Done
ReplyInline Actions

There may be many Decls in the lookup result, but I don't know based on which property would it make sense to sort them. They are essentially stored in the order of creation, so as the parser reads an upcoming Decl.

martong: There may be many `Decl`s in the lookup result, but I don't know based on which property wouldโ€ฆ
if (auto *TD = dyn_cast<TypedefNameDecl>(D)) if (auto *TD = dyn_cast<TypedefNameDecl>(D))
return ACtx.getTypeDeclType(TD).getCanonicalType(); return ACtx.getTypeDeclType(TD).getCanonicalType();
}
assert(LookupRes.size() == 1 && "Type identifier should be unique"); // Find the first TypeDecl.
auto *D = cast<TypeDecl>(LookupRes.front()); // There maybe cases when a function has the same name as a struct.
return ACtx.getTypeDeclType(D).getCanonicalType(); // E.g. in POSIX: `struct stat` and the function `stat()`:
// int stat(const char *restrict path, struct stat *restrict buf);
for (Decl *D : LookupRes)
if (auto *TD = dyn_cast<TypeDecl>(D))
return ACtx.getTypeDeclType(TD).getCanonicalType();
return None;
} }
void StdLibraryFunctionsChecker::initFunctionSummaries( void StdLibraryFunctionsChecker::initFunctionSummaries(
CheckerContext &C) const { CheckerContext &C) const {
if (!FunctionSummaryMap.empty()) if (!FunctionSummaryMap.empty())
return; return;
SValBuilder &SVB = C.getSValBuilder(); SValBuilder &SVB = C.getSValBuilder();
BasicValueFactory &BVF = SVB.getBasicValueFactory(); BasicValueFactory &BVF = SVB.getBasicValueFactory();
const ASTContext &ACtx = BVF.getContext(); const ASTContext &ACtx = BVF.getContext();
// These types are useful for writing specifications quickly, // These types are useful for writing specifications quickly,
// New specifications should probably introduce more types. // New specifications should probably introduce more types.
// Some types are hard to obtain from the AST, eg. "ssize_t". // Some types are hard to obtain from the AST, eg. "ssize_t".
// In such cases it should be possible to provide multiple variants // In such cases it should be possible to provide multiple variants
// of function summary for common cases (eg. ssize_t could be int or long // of function summary for common cases (eg. ssize_t could be int or long
// or long long, so three summary variants would be enough). // or long long, so three summary variants would be enough).
// Of course, function variants are also useful for C++ overloads. // Of course, function variants are also useful for C++ overloads.
const QualType VoidTy = ACtx.VoidTy;
const QualType IntTy = ACtx.IntTy; const QualType IntTy = ACtx.IntTy;
const QualType UnsignedIntTy = ACtx.UnsignedIntTy;
const QualType LongTy = ACtx.LongTy; const QualType LongTy = ACtx.LongTy;
const QualType LongLongTy = ACtx.LongLongTy; const QualType LongLongTy = ACtx.LongLongTy;
const QualType SizeTy = ACtx.getSizeType(); const QualType SizeTy = ACtx.getSizeType();
const QualType VoidPtrTy = ACtx.VoidPtrTy; // void * const QualType VoidPtrTy = ACtx.VoidPtrTy; // void *
const QualType IntPtrTy = ACtx.getPointerType(IntTy); // int *
const QualType UnsignedIntPtrTy =
ACtx.getPointerType(UnsignedIntTy); // unsigned int *
const QualType VoidPtrRestrictTy = const QualType VoidPtrRestrictTy =
ACtx.getLangOpts().C99 ? ACtx.getRestrictType(VoidPtrTy) // void *restrict ACtx.getLangOpts().C99 ? ACtx.getRestrictType(VoidPtrTy) // void *restrict
: VoidPtrTy; : VoidPtrTy;
const QualType ConstVoidPtrTy = const QualType ConstVoidPtrTy =
ACtx.getPointerType(ACtx.VoidTy.withConst()); // const void * ACtx.getPointerType(ACtx.VoidTy.withConst()); // const void *
const QualType CharPtrTy = ACtx.getPointerType(ACtx.CharTy); // char *
const QualType CharPtrRestrictTy =
ACtx.getLangOpts().C99 ? ACtx.getRestrictType(CharPtrTy) // char *restrict
: CharPtrTy;
const QualType ConstCharPtrTy = const QualType ConstCharPtrTy =
ACtx.getPointerType(ACtx.CharTy.withConst()); // const char * ACtx.getPointerType(ACtx.CharTy.withConst()); // const char *
const QualType ConstCharPtrRestrictTy =
ACtx.getLangOpts().C99
? ACtx.getRestrictType(ConstCharPtrTy) // const char *restrict
: ConstCharPtrTy;
const QualType Wchar_tPtrTy = ACtx.getPointerType(ACtx.WCharTy); // wchar_t *
const QualType ConstWchar_tPtrTy =
ACtx.getPointerType(ACtx.WCharTy.withConst()); // const wchar_t *
const QualType ConstVoidPtrRestrictTy = const QualType ConstVoidPtrRestrictTy =
ACtx.getLangOpts().C99 ACtx.getLangOpts().C99
? ACtx.getRestrictType(ConstVoidPtrTy) // const void *restrict ? ACtx.getRestrictType(ConstVoidPtrTy) // const void *restrict
: ConstVoidPtrTy; : ConstVoidPtrTy;
const RangeInt IntMax = BVF.getMaxValue(IntTy).getLimitedValue(); const RangeInt IntMax = BVF.getMaxValue(IntTy).getLimitedValue();
const RangeInt UnsignedIntMax =
BVF.getMaxValue(UnsignedIntTy).getLimitedValue();
const RangeInt LongMax = BVF.getMaxValue(LongTy).getLimitedValue(); const RangeInt LongMax = BVF.getMaxValue(LongTy).getLimitedValue();
const RangeInt LongLongMax = BVF.getMaxValue(LongLongTy).getLimitedValue(); const RangeInt LongLongMax = BVF.getMaxValue(LongLongTy).getLimitedValue();
const RangeInt SizeMax = BVF.getMaxValue(SizeTy).getLimitedValue();
// Set UCharRangeMax to min of int or uchar maximum value. // Set UCharRangeMax to min of int or uchar maximum value.
// The C standard states that the arguments of functions like isalpha must // The C standard states that the arguments of functions like isalpha must
// be representable as an unsigned char. Their type is 'int', so the max // be representable as an unsigned char. Their type is 'int', so the max
// value of the argument should be min(UCharMax, IntMax). This just happen // value of the argument should be min(UCharMax, IntMax). This just happen
// to be true for commonly used and well tested instruction set // to be true for commonly used and well tested instruction set
// architectures, but not for others. // architectures, but not for others.
const RangeInt UCharRangeMax = const RangeInt UCharRangeMax =
โ–ฒ Show 20 Lines โ€ข Show All 313 Lines โ€ข โ–ผ Show 20 Linesvoid StdLibraryFunctionsChecker::initFunctionSummaries(
// should handle them together with the rest of the POSIX functions. // should handle them together with the rest of the POSIX functions.
addToFunctionSummaryMap("getline", addToFunctionSummaryMap("getline",
{Getline(IntTy, IntMax), Getline(LongTy, LongMax), {Getline(IntTy, IntMax), Getline(LongTy, LongMax),
Getline(LongLongTy, LongLongMax)}); Getline(LongLongTy, LongLongMax)});
addToFunctionSummaryMap("getdelim", addToFunctionSummaryMap("getdelim",
{Getline(IntTy, IntMax), Getline(LongTy, LongMax), {Getline(IntTy, IntMax), Getline(LongTy, LongMax),
Getline(LongLongTy, LongLongMax)}); Getline(LongLongTy, LongLongMax)});
if (ModelPOSIX) {
// long a64l(const char *str64);
addToFunctionSummaryMap(
"a64l", Summary(ArgTypes{ConstCharPtrTy}, RetType{LongTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// char *l64a(long value);
addToFunctionSummaryMap(
"l64a", Summary(ArgTypes{LongTy}, RetType{CharPtrTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, LongMax))));
// int access(const char *pathname, int amode);
addToFunctionSummaryMap("access", Summary(ArgTypes{ConstCharPtrTy, IntTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int faccessat(int dirfd, const char *pathname, int mode, int flags);
addToFunctionSummaryMap(
"faccessat", Summary(ArgTypes{IntTy, ConstCharPtrTy, IntTy, IntTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(1))));
// int dup(int fildes);
addToFunctionSummaryMap(
"dup", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// int dup2(int fildes1, int filedes2);
addToFunctionSummaryMap(
"dup2",
Summary(ArgTypes{IntTy, IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(
ArgumentCondition(1, WithinRange, Range(0, IntMax))));
// int fdatasync(int fildes);
addToFunctionSummaryMap(
"fdatasync", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax))));
// int fnmatch(const char *pattern, const char *string, int flags);
addToFunctionSummaryMap(
"fnmatch", Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy, IntTy},
RetType{IntTy}, EvalCallAsPure)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))));
// int fsync(int fildes);
addToFunctionSummaryMap(
"fsync", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))));
Optional<QualType> Off_tTy = lookupType("off_t", ACtx);
if (Off_tTy)
// int truncate(const char *path, off_t length);
addToFunctionSummaryMap("truncate",
Summary(ArgTypes{ConstCharPtrTy, *Off_tTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int symlink(const char *oldpath, const char *newpath);
addToFunctionSummaryMap("symlink",
Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))));
// int symlinkat(const char *oldpath, int newdirfd, const char *newpath);
addToFunctionSummaryMap(
"symlinkat",
Summary(ArgTypes{ConstCharPtrTy, IntTy, ConstCharPtrTy}, RetType{IntTy},
NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(ArgumentCondition(1, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(2))));
if (Off_tTy)
// int lockf(int fd, int cmd, off_t len);
addToFunctionSummaryMap(
"lockf",
Summary(ArgTypes{IntTy, IntTy, *Off_tTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))));
Optional<QualType> Mode_tTy = lookupType("mode_t", ACtx);
if (Mode_tTy)
// int creat(const char *pathname, mode_t mode);
addToFunctionSummaryMap("creat",
Summary(ArgTypes{ConstCharPtrTy, *Mode_tTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// unsigned int sleep(unsigned int seconds);
addToFunctionSummaryMap(
"sleep",
Summary(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax))));
Optional<QualType> DirTy = lookupType("DIR", ACtx);
Optional<QualType> DirPtrTy;
if (DirTy)
DirPtrTy = ACtx.getPointerType(*DirTy);
if (DirPtrTy)
// int dirfd(DIR *dirp);
addToFunctionSummaryMap(
"dirfd", Summary(ArgTypes{*DirPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// unsigned int alarm(unsigned int seconds);
addToFunctionSummaryMap(
"alarm",
Summary(ArgTypes{UnsignedIntTy}, RetType{UnsignedIntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, UnsignedIntMax))));
if (DirPtrTy)
// int closedir(DIR *dir);
addToFunctionSummaryMap(
"closedir", Summary(ArgTypes{*DirPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// char *strdup(const char *s);
addToFunctionSummaryMap("strdup", Summary(ArgTypes{ConstCharPtrTy},
RetType{CharPtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// char *strndup(const char *s, size_t n);
addToFunctionSummaryMap(
"strndup", Summary(ArgTypes{ConstCharPtrTy, SizeTy}, RetType{CharPtrTy},
NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(ArgumentCondition(1, WithinRange,
Range(0, SizeMax))));
// wchar_t *wcsdup(const wchar_t *s);
addToFunctionSummaryMap("wcsdup", Summary(ArgTypes{ConstWchar_tPtrTy},
RetType{Wchar_tPtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int mkstemp(char *template);
addToFunctionSummaryMap(
"mkstemp", Summary(ArgTypes{CharPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// char *mkdtemp(char *template);
addToFunctionSummaryMap(
"mkdtemp", Summary(ArgTypes{CharPtrTy}, RetType{CharPtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// char *getcwd(char *buf, size_t size);
addToFunctionSummaryMap(
"getcwd",
Summary(ArgTypes{CharPtrTy, SizeTy}, RetType{CharPtrTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(1, WithinRange, Range(0, SizeMax))));
if (Mode_tTy) {
// int mkdir(const char *pathname, mode_t mode);
addToFunctionSummaryMap("mkdir",
Summary(ArgTypes{ConstCharPtrTy, *Mode_tTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int mkdirat(int dirfd, const char *pathname, mode_t mode);
addToFunctionSummaryMap(
"mkdirat", Summary(ArgTypes{IntTy, ConstCharPtrTy, *Mode_tTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(1))));
}
Optional<QualType> Dev_tTy = lookupType("dev_t", ACtx);
if (Mode_tTy && Dev_tTy) {
// int mknod(const char *pathname, mode_t mode, dev_t dev);
addToFunctionSummaryMap(
"mknod", Summary(ArgTypes{ConstCharPtrTy, *Mode_tTy, *Dev_tTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int mknodat(int dirfd, const char *pathname, mode_t mode, dev_t dev);
addToFunctionSummaryMap("mknodat", Summary(ArgTypes{IntTy, ConstCharPtrTy,
*Mode_tTy, *Dev_tTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(1))));
}
if (Mode_tTy) {
// int chmod(const char *path, mode_t mode);
addToFunctionSummaryMap("chmod",
Summary(ArgTypes{ConstCharPtrTy, *Mode_tTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags);
addToFunctionSummaryMap(
"fchmodat", Summary(ArgTypes{IntTy, ConstCharPtrTy, *Mode_tTy, IntTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))));
// int fchmod(int fildes, mode_t mode);
addToFunctionSummaryMap(
"fchmod",
Summary(ArgTypes{IntTy, *Mode_tTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))));
}
Optional<QualType> Uid_tTy = lookupType("uid_t", ACtx);
Optional<QualType> Gid_tTy = lookupType("gid_t", ACtx);
if (Uid_tTy && Gid_tTy) {
// int fchownat(int dirfd, const char *pathname, uid_t owner, gid_t group,
// int flags);
addToFunctionSummaryMap(
"fchownat",
Summary(ArgTypes{IntTy, ConstCharPtrTy, *Uid_tTy, *Gid_tTy, IntTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))));
// int chown(const char *path, uid_t owner, gid_t group);
addToFunctionSummaryMap(
"chown", Summary(ArgTypes{ConstCharPtrTy, *Uid_tTy, *Gid_tTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int lchown(const char *path, uid_t owner, gid_t group);
addToFunctionSummaryMap(
"lchown", Summary(ArgTypes{ConstCharPtrTy, *Uid_tTy, *Gid_tTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int fchown(int fildes, uid_t owner, gid_t group);
addToFunctionSummaryMap(
"fchown", Summary(ArgTypes{IntTy, *Uid_tTy, *Gid_tTy}, RetType{IntTy},
NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax))));
}
// int rmdir(const char *pathname);
addToFunctionSummaryMap(
"rmdir", Summary(ArgTypes{ConstCharPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int chdir(const char *path);
addToFunctionSummaryMap(
"chdir", Summary(ArgTypes{ConstCharPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int link(const char *oldpath, const char *newpath);
addToFunctionSummaryMap("link",
Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))));
// int linkat(int fd1, const char *path1, int fd2, const char *path2,
// int flag);
addToFunctionSummaryMap(
"linkat",
Summary(ArgTypes{IntTy, ConstCharPtrTy, IntTy, ConstCharPtrTy, IntTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(ArgumentCondition(2, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(3))));
// int unlink(const char *pathname);
addToFunctionSummaryMap(
"unlink", Summary(ArgTypes{ConstCharPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int unlinkat(int fd, const char *path, int flag);
addToFunctionSummaryMap(
"unlinkat",
Summary(ArgTypes{IntTy, ConstCharPtrTy, IntTy}, RetType{IntTy},
NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))));
Optional<QualType> StructStatTy = lookupType("stat", ACtx);
Optional<QualType> StructStatPtrTy, StructStatPtrRestrictTy;
if (StructStatTy) {
StructStatPtrTy = ACtx.getPointerType(*StructStatTy);
StructStatPtrRestrictTy = ACtx.getLangOpts().C99
? ACtx.getRestrictType(*StructStatPtrTy)
: *StructStatPtrTy;
}
if (StructStatPtrTy)
// int fstat(int fd, struct stat *statbuf);
addToFunctionSummaryMap(
"fstat",
Summary(ArgTypes{IntTy, *StructStatPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))));
if (StructStatPtrRestrictTy) {
// int stat(const char *restrict path, struct stat *restrict buf);
addToFunctionSummaryMap(
"stat",
Summary(ArgTypes{ConstCharPtrRestrictTy, *StructStatPtrRestrictTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))));
// int lstat(const char *restrict path, struct stat *restrict buf);
addToFunctionSummaryMap(
"lstat",
Summary(ArgTypes{ConstCharPtrRestrictTy, *StructStatPtrRestrictTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))));
// int fstatat(int fd, const char *restrict path,
// struct stat *restrict buf, int flag);
addToFunctionSummaryMap(
"fstatat", Summary(ArgTypes{IntTy, ConstCharPtrRestrictTy,
*StructStatPtrRestrictTy, IntTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))));
}
if (DirPtrTy) {
// DIR *opendir(const char *name);
addToFunctionSummaryMap("opendir", Summary(ArgTypes{ConstCharPtrTy},
RetType{*DirPtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// DIR *fdopendir(int fd);
addToFunctionSummaryMap(
"fdopendir", Summary(ArgTypes{IntTy}, RetType{*DirPtrTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax))));
}
// int isatty(int fildes);
addToFunctionSummaryMap(
"isatty", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))));
if (FilePtrTy) {
// FILE *popen(const char *command, const char *type);
addToFunctionSummaryMap("popen",
Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy},
RetType{*FilePtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))));
// int pclose(FILE *stream);
addToFunctionSummaryMap(
"pclose", Summary(ArgTypes{*FilePtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
}
// int close(int fildes);
addToFunctionSummaryMap(
"close", Summary(ArgTypes{IntTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// long fpathconf(int fildes, int name);
addToFunctionSummaryMap(
"fpathconf",
Summary(ArgTypes{IntTy, IntTy}, RetType{LongTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax))));
// long pathconf(const char *path, int name);
addToFunctionSummaryMap("pathconf", Summary(ArgTypes{ConstCharPtrTy, IntTy},
RetType{LongTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
if (FilePtrTy)
// FILE *fdopen(int fd, const char *mode);
addToFunctionSummaryMap(
"fdopen", Summary(ArgTypes{IntTy, ConstCharPtrTy},
RetType{*FilePtrTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1))));
if (DirPtrTy) {
// void rewinddir(DIR *dir);
addToFunctionSummaryMap(
"rewinddir", Summary(ArgTypes{*DirPtrTy}, RetType{VoidTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// void seekdir(DIR *dirp, long loc);
addToFunctionSummaryMap("seekdir", Summary(ArgTypes{*DirPtrTy, LongTy},
RetType{VoidTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
}
// int rand_r(unsigned int *seedp);
addToFunctionSummaryMap("rand_r", Summary(ArgTypes{UnsignedIntPtrTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int strcasecmp(const char *s1, const char *s2);
addToFunctionSummaryMap("strcasecmp",
Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy},
RetType{IntTy}, EvalCallAsPure)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1))));
// int strncasecmp(const char *s1, const char *s2, size_t n);
addToFunctionSummaryMap(
"strncasecmp", Summary(ArgTypes{ConstCharPtrTy, ConstCharPtrTy, SizeTy},
RetType{IntTy}, EvalCallAsPure)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(ArgumentCondition(
2, WithinRange, Range(0, SizeMax))));
if (FilePtrTy && Off_tTy) {
// int fileno(FILE *stream);
addToFunctionSummaryMap(
"fileno", Summary(ArgTypes{*FilePtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int fseeko(FILE *stream, off_t offset, int whence);
addToFunctionSummaryMap("fseeko",
Summary(ArgTypes{*FilePtrTy, *Off_tTy, IntTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// off_t ftello(FILE *stream);
addToFunctionSummaryMap(
"ftello", Summary(ArgTypes{*FilePtrTy}, RetType{*Off_tTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
}
if (Off_tTy) {
gamesh411Unsubmitted
Done
ReplyInline Actions

If Off_tMax is only used in the if block that follows, consider moving it's declaration inside.

gamesh411: If `Off_tMax` is only used in the if block that follows, consider moving it's declarationโ€ฆ
martongAuthorUnsubmitted
Done
ReplyInline Actions

Yeah, good catch, thanks.

martong: Yeah, good catch, thanks.
Optional<RangeInt> Off_tMax = BVF.getMaxValue(*Off_tTy).getLimitedValue();
// void *mmap(void *addr, size_t length, int prot, int flags, int fd,
// off_t offset);
addToFunctionSummaryMap(
"mmap",
Summary(ArgTypes{VoidPtrTy, SizeTy, IntTy, IntTy, IntTy, *Off_tTy},
RetType{VoidPtrTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(1, WithinRange, Range(1, SizeMax)))
.ArgConstraint(
ArgumentCondition(4, WithinRange, Range(0, *Off_tMax))));
}
Optional<QualType> Off64_tTy = lookupType("off64_t", ACtx);
Optional<RangeInt> Off64_tMax;
if (Off64_tTy) {
Off64_tMax = BVF.getMaxValue(*Off_tTy).getLimitedValue();
// void *mmap64(void *addr, size_t length, int prot, int flags, int fd,
// off64_t offset);
addToFunctionSummaryMap(
"mmap64",
Summary(ArgTypes{VoidPtrTy, SizeTy, IntTy, IntTy, IntTy, *Off64_tTy},
RetType{VoidPtrTy}, NoEvalCall)
.ArgConstraint(
ArgumentCondition(1, WithinRange, Range(1, SizeMax)))
.ArgConstraint(
ArgumentCondition(4, WithinRange, Range(0, *Off64_tMax))));
}
// int pipe(int fildes[2]);
addToFunctionSummaryMap(
"pipe", Summary(ArgTypes{IntPtrTy}, RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
if (Off_tTy)
// off_t lseek(int fildes, off_t offset, int whence);
addToFunctionSummaryMap(
"lseek", Summary(ArgTypes{IntTy, *Off_tTy, IntTy}, RetType{*Off_tTy},
NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax))));
Optional<QualType> Ssize_tTy = lookupType("ssize_t", ACtx);
if (Ssize_tTy) {
// ssize_t readlink(const char *restrict path, char *restrict buf,
// size_t bufsize);
addToFunctionSummaryMap(
"readlink",
Summary(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy, SizeTy},
RetType{*Ssize_tTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0)))
.ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(1),
/*BufSize=*/ArgNo(2)))
.ArgConstraint(
ArgumentCondition(2, WithinRange, Range(0, SizeMax))));
// ssize_t readlinkat(int fd, const char *restrict path,
// char *restrict buf, size_t bufsize);
addToFunctionSummaryMap(
"readlinkat", Summary(ArgTypes{IntTy, ConstCharPtrRestrictTy,
CharPtrRestrictTy, SizeTy},
RetType{*Ssize_tTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange,
Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2)))
.ArgConstraint(BufferSize(/*Buffer=*/ArgNo(2),
/*BufSize=*/ArgNo(3)))
.ArgConstraint(ArgumentCondition(
3, WithinRange, Range(0, SizeMax))));
}
// int renameat(int olddirfd, const char *oldpath, int newdirfd, const char
// *newpath);
addToFunctionSummaryMap("renameat", Summary(ArgTypes{IntTy, ConstCharPtrTy,
IntTy, ConstCharPtrTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(3))));
// char *realpath(const char *restrict file_name,
// char *restrict resolved_name);
addToFunctionSummaryMap(
"realpath", Summary(ArgTypes{ConstCharPtrRestrictTy, CharPtrRestrictTy},
RetType{CharPtrTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
QualType CharPtrConstPtr = ACtx.getPointerType(CharPtrTy.withConst());
// int execv(const char *path, char *const argv[]);
addToFunctionSummaryMap("execv",
Summary(ArgTypes{ConstCharPtrTy, CharPtrConstPtr},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int execvp(const char *file, char *const argv[]);
addToFunctionSummaryMap("execvp",
Summary(ArgTypes{ConstCharPtrTy, CharPtrConstPtr},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(NotNull(ArgNo(0))));
// int getopt(int argc, char * const argv[], const char *optstring);
addToFunctionSummaryMap(
"getopt",
Summary(ArgTypes{IntTy, CharPtrConstPtr, ConstCharPtrTy},
RetType{IntTy}, NoEvalCall)
.ArgConstraint(ArgumentCondition(0, WithinRange, Range(0, IntMax)))
.ArgConstraint(NotNull(ArgNo(1)))
.ArgConstraint(NotNull(ArgNo(2))));
}
// Functions for testing. // Functions for testing.
if (ChecksEnabled[CK_StdCLibraryFunctionsTesterChecker]) { if (ChecksEnabled[CK_StdCLibraryFunctionsTesterChecker]) {
addToFunctionSummaryMap( addToFunctionSummaryMap(
"__two_constrained_args", "__two_constrained_args",
Summary(ArgTypes{IntTy, IntTy}, RetType{IntTy}, EvalCallAsPure) Summary(ArgTypes{IntTy, IntTy}, RetType{IntTy}, EvalCallAsPure)
.ArgConstraint(ArgumentCondition(0U, WithinRange, SingleValue(1))) .ArgConstraint(ArgumentCondition(0U, WithinRange, SingleValue(1)))
.ArgConstraint(ArgumentCondition(1U, WithinRange, SingleValue(1)))); .ArgConstraint(ArgumentCondition(1U, WithinRange, SingleValue(1))));
addToFunctionSummaryMap( addToFunctionSummaryMap(
Show All 25 Linesvoid StdLibraryFunctionsChecker::initFunctionSummaries(
} }
} }
void ento::registerStdCLibraryFunctionsChecker(CheckerManager &mgr) { void ento::registerStdCLibraryFunctionsChecker(CheckerManager &mgr) {
auto *Checker = mgr.registerChecker<StdLibraryFunctionsChecker>(); auto *Checker = mgr.registerChecker<StdLibraryFunctionsChecker>();
Checker->DisplayLoadedSummaries = Checker->DisplayLoadedSummaries =
mgr.getAnalyzerOptions().getCheckerBooleanOption( mgr.getAnalyzerOptions().getCheckerBooleanOption(
Checker, "DisplayLoadedSummaries"); Checker, "DisplayLoadedSummaries");
Checker->ModelPOSIX =
mgr.getAnalyzerOptions().getCheckerBooleanOption(Checker, "ModelPOSIX");
} }
bool ento::shouldRegisterStdCLibraryFunctionsChecker(const CheckerManager &mgr) { bool ento::shouldRegisterStdCLibraryFunctionsChecker(const CheckerManager &mgr) {
return true; return true;
} }
#define REGISTER_CHECKER(name) \ #define REGISTER_CHECKER(name) \
void ento::register##name(CheckerManager &mgr) { \ void ento::register##name(CheckerManager &mgr) { \
Show All 11 Lines

clang/test/Analysis/analyzer-config.c

// RUN: %clang_analyze_cc1 -analyzer-checker=debug.ConfigDumper > %t 2>&1 // RUN: %clang_analyze_cc1 -analyzer-checker=debug.ConfigDumper > %t 2>&1
// RUN: FileCheck --input-file=%t %s --match-full-lines // RUN: FileCheck --input-file=%t %s --match-full-lines
// CHECK: [config] // CHECK: [config]
// CHECK-NEXT: add-pop-up-notes = true // CHECK-NEXT: add-pop-up-notes = true
// CHECK-NEXT: aggressive-binary-operation-simplification = false // CHECK-NEXT: aggressive-binary-operation-simplification = false
// CHECK-NEXT: alpha.clone.CloneChecker:IgnoredFilesPattern = "" // CHECK-NEXT: alpha.clone.CloneChecker:IgnoredFilesPattern = ""
// CHECK-NEXT: alpha.clone.CloneChecker:MinimumCloneComplexity = 50 // CHECK-NEXT: alpha.clone.CloneChecker:MinimumCloneComplexity = 50
// CHECK-NEXT: alpha.clone.CloneChecker:ReportNormalClones = true // CHECK-NEXT: alpha.clone.CloneChecker:ReportNormalClones = true
// CHECK-NEXT: alpha.cplusplus.STLAlgorithmModeling:AggressiveStdFindModeling = false // CHECK-NEXT: alpha.cplusplus.STLAlgorithmModeling:AggressiveStdFindModeling = false
// CHECK-NEXT: alpha.osx.cocoa.DirectIvarAssignment:AnnotatedFunctions = false // CHECK-NEXT: alpha.osx.cocoa.DirectIvarAssignment:AnnotatedFunctions = false
// CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtExec = 0x04 // CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtExec = 0x04
// CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtRead = 0x01 // CHECK-NEXT: alpha.security.MmapWriteExec:MmapProtRead = 0x01
// CHECK-NEXT: alpha.security.taint.TaintPropagation:Config = "" // CHECK-NEXT: alpha.security.taint.TaintPropagation:Config = ""
// CHECK-NEXT: apiModeling.StdCLibraryFunctions:DisplayLoadedSummaries = false // CHECK-NEXT: apiModeling.StdCLibraryFunctions:DisplayLoadedSummaries = false
// CHECK-NEXT: apiModeling.StdCLibraryFunctions:ModelPOSIX = false
// CHECK-NEXT: apply-fixits = false // CHECK-NEXT: apply-fixits = false
// CHECK-NEXT: avoid-suppressing-null-argument-paths = false // CHECK-NEXT: avoid-suppressing-null-argument-paths = false
// CHECK-NEXT: c++-allocator-inlining = true // CHECK-NEXT: c++-allocator-inlining = true
// CHECK-NEXT: c++-container-inlining = false // CHECK-NEXT: c++-container-inlining = false
// CHECK-NEXT: c++-inlining = destructors // CHECK-NEXT: c++-inlining = destructors
// CHECK-NEXT: c++-shared_ptr-inlining = false // CHECK-NEXT: c++-shared_ptr-inlining = false
// CHECK-NEXT: c++-stdlib-inlining = true // CHECK-NEXT: c++-stdlib-inlining = true
// CHECK-NEXT: c++-temp-dtor-inlining = true // CHECK-NEXT: c++-temp-dtor-inlining = true
โ–ฒ Show 20 Lines โ€ข Show All 95 Lines โ€ข Show Last 20 Lines

clang/test/Analysis/std-c-library-functions-POSIX.c

  • This file was added.
// RUN: %clang_analyze_cc1 %s \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=apiModeling.StdCLibraryFunctions \
// RUN: -analyzer-config apiModeling.StdCLibraryFunctions:ModelPOSIX=true \
// RUN: -analyzer-config apiModeling.StdCLibraryFunctions:DisplayLoadedSummaries=true \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config eagerly-assume=false \
// RUN: -triple i686-unknown-linux 2>&1 | FileCheck %s
// CHECK: Loaded summary for: long a64l(const char *str64)
// CHECK: Loaded summary for: char *l64a(long value)
// CHECK: Loaded summary for: int access(const char *pathname, int amode)
// CHECK: Loaded summary for: int faccessat(int dirfd, const char *pathname, int mode, int flags)
// CHECK: Loaded summary for: int dup(int fildes)
// CHECK: Loaded summary for: int dup2(int fildes1, int filedes2)
// CHECK: Loaded summary for: int fdatasync(int fildes)
// CHECK: Loaded summary for: int fnmatch(const char *pattern, const char *string, int flags)
// CHECK: Loaded summary for: int fsync(int fildes)
// CHECK: Loaded summary for: int truncate(const char *path, off_t length)
// CHECK: Loaded summary for: int symlink(const char *oldpath, const char *newpath)
// CHECK: Loaded summary for: int symlinkat(const char *oldpath, int newdirfd, const char *newpath)
// CHECK: Loaded summary for: int lockf(int fd, int cmd, off_t len)
// CHECK: Loaded summary for: int creat(const char *pathname, mode_t mode)
// CHECK: Loaded summary for: unsigned int sleep(unsigned int seconds)
// CHECK: Loaded summary for: int dirfd(DIR *dirp)
// CHECK: Loaded summary for: unsigned int alarm(unsigned int seconds)
// CHECK: Loaded summary for: int closedir(DIR *dir)
// CHECK: Loaded summary for: char *strdup(const char *s)
// CHECK: Loaded summary for: char *strndup(const char *s, size_t n)
// CHECK: Loaded summary for: int mkstemp(char *template)
// CHECK: Loaded summary for: char *mkdtemp(char *template)
// CHECK: Loaded summary for: char *getcwd(char *buf, size_t size)
// CHECK: Loaded summary for: int mkdir(const char *pathname, mode_t mode)
// CHECK: Loaded summary for: int mkdirat(int dirfd, const char *pathname, mode_t mode)
// CHECK: Loaded summary for: int mknod(const char *pathname, mode_t mode, dev_t dev)
// CHECK: Loaded summary for: int mknodat(int dirfd, const char *pathname, mode_t mode, dev_t dev)
// CHECK: Loaded summary for: int chmod(const char *path, mode_t mode)
// CHECK: Loaded summary for: int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags)
// CHECK: Loaded summary for: int fchmod(int fildes, mode_t mode)
// CHECK: Loaded summary for: int fchownat(int dirfd, const char *pathname, uid_t owner, gid_t group, int flags)
// CHECK: Loaded summary for: int chown(const char *path, uid_t owner, gid_t group)
// CHECK: Loaded summary for: int lchown(const char *path, uid_t owner, gid_t group)
// CHECK: Loaded summary for: int fchown(int fildes, uid_t owner, gid_t group)
// CHECK: Loaded summary for: int rmdir(const char *pathname)
// CHECK: Loaded summary for: int chdir(const char *path)
// CHECK: Loaded summary for: int link(const char *oldpath, const char *newpath)
// CHECK: Loaded summary for: int linkat(int fd1, const char *path1, int fd2, const char *path2, int flag)
// CHECK: Loaded summary for: int unlink(const char *pathname)
// CHECK: Loaded summary for: int unlinkat(int fd, const char *path, int flag)
// CHECK: Loaded summary for: int fstat(int fd, struct stat *statbuf)
// CHECK: Loaded summary for: int stat(const char *restrict path, struct stat *restrict buf)
// CHECK: Loaded summary for: int lstat(const char *restrict path, struct stat *restrict buf)
// CHECK: Loaded summary for: int fstatat(int fd, const char *restrict path, struct stat *restrict buf, int flag)
// CHECK: Loaded summary for: DIR *opendir(const char *name)
// CHECK: Loaded summary for: DIR *fdopendir(int fd)
// CHECK: Loaded summary for: int isatty(int fildes)
// CHECK: Loaded summary for: FILE *popen(const char *command, const char *type)
// CHECK: Loaded summary for: int pclose(FILE *stream)
// CHECK: Loaded summary for: int close(int fildes)
// CHECK: Loaded summary for: long fpathconf(int fildes, int name)
// CHECK: Loaded summary for: long pathconf(const char *path, int name)
// CHECK: Loaded summary for: FILE *fdopen(int fd, const char *mode)
// CHECK: Loaded summary for: void rewinddir(DIR *dir)
// CHECK: Loaded summary for: void seekdir(DIR *dirp, long loc)
// CHECK: Loaded summary for: int rand_r(unsigned int *seedp)
// CHECK: Loaded summary for: int strcasecmp(const char *s1, const char *s2)
// CHECK: Loaded summary for: int strncasecmp(const char *s1, const char *s2, size_t n)
// CHECK: Loaded summary for: int fileno(FILE *stream)
// CHECK: Loaded summary for: int fseeko(FILE *stream, off_t offset, int whence)
// CHECK: Loaded summary for: off_t ftello(FILE *stream)
// CHECK: Loaded summary for: void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset)
// CHECK: Loaded summary for: void *mmap64(void *addr, size_t length, int prot, int flags, int fd, off64_t offset)
// CHECK: Loaded summary for: int pipe(int fildes[2])
// CHECK: Loaded summary for: off_t lseek(int fildes, off_t offset, int whence)
// CHECK: Loaded summary for: ssize_t readlink(const char *restrict path, char *restrict buf, size_t bufsize)
// CHECK: Loaded summary for: ssize_t readlinkat(int fd, const char *restrict path, char *restrict buf, size_t bufsize)
// CHECK: Loaded summary for: int renameat(int olddirfd, const char *oldpath, int newdirfd, const char *newpath)
// CHECK: Loaded summary for: char *realpath(const char *restrict file_name, char *restrict resolved_name)
// CHECK: Loaded summary for: int execv(const char *path, char *const argv[])
// CHECK: Loaded summary for: int execvp(const char *file, char *const argv[])
// CHECK: Loaded summary for: int getopt(int argc, char *const argv[], const char *optstring)
long a64l(const char *str64);
char *l64a(long value);
int access(const char *pathname, int amode);
int faccessat(int dirfd, const char *pathname, int mode, int flags);
int dup(int fildes);
int dup2(int fildes1, int filedes2);
int fdatasync(int fildes);
int fnmatch(const char *pattern, const char *string, int flags);
int fsync(int fildes);
typedef unsigned long off_t;
int truncate(const char *path, off_t length);
int symlink(const char *oldpath, const char *newpath);
int symlinkat(const char *oldpath, int newdirfd, const char *newpath);
int lockf(int fd, int cmd, off_t len);
typedef unsigned mode_t;
int creat(const char *pathname, mode_t mode);
unsigned int sleep(unsigned int seconds);
typedef struct {
int a;
} DIR;
int dirfd(DIR *dirp);
unsigned int alarm(unsigned int seconds);
int closedir(DIR *dir);
char *strdup(const char *s);
typedef typeof(sizeof(int)) size_t;
char *strndup(const char *s, size_t n);
/*FIXME How to define wchar_t in the test?*/
/*typedef __wchar_t wchar_t;*/
/*wchar_t *wcsdup(const wchar_t *s);*/
int mkstemp(char *template);
char *mkdtemp(char *template);
char *getcwd(char *buf, size_t size);
int mkdir(const char *pathname, mode_t mode);
int mkdirat(int dirfd, const char *pathname, mode_t mode);
typedef int dev_t;
int mknod(const char *pathname, mode_t mode, dev_t dev);
int mknodat(int dirfd, const char *pathname, mode_t mode, dev_t dev);
int chmod(const char *path, mode_t mode);
int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags);
int fchmod(int fildes, mode_t mode);
typedef int uid_t;
typedef int gid_t;
int fchownat(int dirfd, const char *pathname, uid_t owner, gid_t group, int flags);
int chown(const char *path, uid_t owner, gid_t group);
int lchown(const char *path, uid_t owner, gid_t group);
int fchown(int fildes, uid_t owner, gid_t group);
int rmdir(const char *pathname);
int chdir(const char *path);
int link(const char *oldpath, const char *newpath);
int linkat(int fd1, const char *path1, int fd2, const char *path2, int flag);
int unlink(const char *pathname);
int unlinkat(int fd, const char *path, int flag);
struct stat;
int fstat(int fd, struct stat *statbuf);
int stat(const char *restrict path, struct stat *restrict buf);
int lstat(const char *restrict path, struct stat *restrict buf);
int fstatat(int fd, const char *restrict path, struct stat *restrict buf, int flag);
DIR *opendir(const char *name);
DIR *fdopendir(int fd);
int isatty(int fildes);
typedef struct {
int x;
} FILE;
FILE *popen(const char *command, const char *type);
int pclose(FILE *stream);
int close(int fildes);
long fpathconf(int fildes, int name);
long pathconf(const char *path, int name);
FILE *fdopen(int fd, const char *mode);
void rewinddir(DIR *dir);
void seekdir(DIR *dirp, long loc);
int rand_r(unsigned int *seedp);
int strcasecmp(const char *s1, const char *s2);
int strncasecmp(const char *s1, const char *s2, size_t n);
int fileno(FILE *stream);
int fseeko(FILE *stream, off_t offset, int whence);
off_t ftello(FILE *stream);
void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset);
typedef off_t off64_t;
void *mmap64(void *addr, size_t length, int prot, int flags, int fd, off64_t offset);
int pipe(int fildes[2]);
off_t lseek(int fildes, off_t offset, int whence);
typedef size_t ssize_t;
ssize_t readlink(const char *restrict path, char *restrict buf, size_t bufsize);
ssize_t readlinkat(int fd, const char *restrict path, char *restrict buf, size_t bufsize);
int renameat(int olddirfd, const char *oldpath, int newdirfd, const char *newpath);
char *realpath(const char *restrict file_name, char *restrict resolved_name);
int execv(const char *path, char *const argv[]);
int execvp(const char *file, char *const argv[]);
int getopt(int argc, char *const argv[], const char *optstring);
// Must have at least one call expression to initialize the summary map.
int bar(void);
void foo() {
bar();
}